*Note: This FAQ comes from the Office of the Washington State Auditor*
Frequently asked questions regarding a data breach at SAO’s third-party service provider:
Q: When will I know whether my personal information was involved in this data breach? How will I find out, and what will happen after that?
A: Personal notifications directly to people whose data was involved will begin soon. SAO is continuing to work with its insurance company and legal counsel on these direct notifications. Although we do not have a firm date right now, SAO is doing everything in its power to have this process begin quickly.
In the meantime, SAO has set up a webpage dedicated to providing the latest information on this incident. Please go to sao.wa.gov/breach2021.
Q: Will this incident, which involved people’s unemployment information, affect the status or processing of their unemployment claims?
A: The Employment Security Department (ESD) does not yet know if the data breach will affect benefit payments. The agency is advising people to continue to submit weekly claims as usual. ESD’s claim system was not involved in this incident. Additionally, if there is something affecting your benefit payment, please check your eServices account for alerts. ESD will notify you of any new issues affecting your benefit claims.
Q: Remind me again: What files were affected?
A: The investigation is ongoing. Here is some of the data we believe was affected:
Personal information of people who filed for unemployment claims from Jan. 1 to Dec. 10, 2020. In addition to members of the general public, this group includes many state employees, as well as people whose identity was used to file for claims fraudulently in early 2020. The data involves about 1.6 million claims and included the person’s name, social security number and/or driver’s license or state identification number, bank information, date of birth and place of employment. Personal information of a smaller number of people, including data held by the Department of Children, Youth and Families. Non-personal financial information and other data from local governments and state agencies.
Q: Why can’t you tell us more about what information was involved?
A: The identities and information of individual people are contained in voluminous data files. We are working diligently to extract the identification and information about each person who was affected. We will provide the right information to the right people at the right time. We are doing our best to balance the need for transparency and the need for security. We are committed to sharing all that we can when it is appropriate.
Q: Why was SAO in possession of the ESD data?
A: SAO was reviewing all claims data as part of an audit of a fraud incident that occurred at ESD in early 2020. Auditing in all its forms requires us to handle sensitive information – some financial, some personal. We strongly believe our work, and our access to that data, has helped improve government for Washingtonians.
Q: Have the police or other authorities been notified?
A: Yes. Appropriate law enforcement agencies have been notified. Our primary concern is making sure this incident is fully investigated, and we don’t want to do anything to jeopardize that.